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2 8 MAR 1985 


MEMORANDUM FOR: Director, Intelligence Community Staff 

FROM: Harry E. Fitzwater 

Deputy Director for Administration 

SUBJECT: Evaluation of the Agency* s Information 

Security Program 



1. Attached for your information is the Information Security Oversight 
Office's (ISOO) report on its FY 1984 inspections of the Agency's 
information security program. As you will note, the ISOO inspections 
focused on the review of classified documents for proper classification and 
markings, safeguarding procedures, information security training programs, 
and the degree of understanding by Agency personnel in making original and 
derivative classification decisions. With the exception of the marking 
problems mentioned in Part II. paragraph A. of the report, ISOO found that 
CIA met or exceeded the standards established by Executive Order 12356 and 
its implementing directive. 

2. In regard to the portion marking problem, Mr. Harold Mason, the 
ISOO representative, conducted a follow-up inspection at ICS on 

26 February 1985 and found only minor inconsistencies in classification 
markings. During his visit, Mr. Mason offered ISOO's slide program on 
"classification marking" for use in briefing ICS personnel on the proper 
procedures for marking documents. I understand the offer was accepted and 
that arrangements are being made to conduct a refresher training program 
which should correct this problem. 

3. Please express my appreciation to Robert McDonald, Richard Hayes, 
and Raymond Fioramonti for their cooperation and the excellent briefings 
they provided during this inspection. 

STAT 


Harry E. Fitzwater 


Attachment: 
As Stated 
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DDA/ 01 S/IRMD/IMB/ 


dew 


(21 March 1985) 


Distribution : 

Original - Addressee 

1 - DDA Chrono w/att 

1 - OIS Chrono w/att 

1 - IRMD Chrono 
1 - IMB Chrono 

1 - IMB Subject 


STAT 
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Report of Inspection by 
The Information Security Oversight Office 

of the 

Central Intelligence Agency 


i. General 

On March 15, May 3 and August 28, 1984, Harold Mason, 

Program Analyst, Information Security Oversight Office 
(ISOO), inspected the Central Intelligence Agency's (CIA) 
information security program to evaluate its compliance with 
Executive Order 12356. Mr. Mason was accompanied by CIA 
liaison _ I 

Branch. ISOO's FY 1984 inspections continued to concentrate 
on agency training programs; marking and safeguarding; and 
in particular, focused on the degree of understanding CIA 
personnel had of relevant provisions of E.O. 12356 as they 
relate to original and derivative classification. 

ii. Findings 

A. Classification/ Marking 

The agency continues to use its classification guide 
as a basis for its derivative classification. CIA 
procedures for using the guide as a basis for a 
derivative classification are more effective than 
procedures in most other agencies because CIA officials 
marking the documents are required to identify the 
specific item in the guide. This procedure facilitates 
the conduct of audit trails to determine if the level 
and duration assignments are proper. 

The ISOO analyst did encounter marking problems in some 
offices within the Community Headquarters. In some 
instances documents were derivatively classified on the 
basis of multiple sources, but the derivative 
classifiers failed to maintain the identification of 
each source with the file or record copy of the 
derivatively classified document. In another instance. 
Community Headquarters received a classified document 
from another agency that was portion marked. The 
office in Community Headquarters generated another 
document from the source document but failed to carry 
forward the portion marking. The last type of marking 
problem encountered involved multiple page documents or 
reports with inserts and attachments. Contributors to 
the final product are often military and non-military 
agencies. The military portion mark their input in the 
beginning of the paragraph and the agency contributions 
were marked at the end of the paragraph. The Order 
does permit either method but there should be 


STAT 
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consistency within a single report especially since it 
will generally get wide dissemination and possibly be 
used as the basis for derivative classification. I 
recognize that the make up of the Community Head- 
quarters contributes to this type of problem, but 
careful editing of the final product can resolve the 
discrepancy. Not all offices had marking problems. 

Many documents reviewed were portion marked by 
paragraph, subparagraph, and even specific pieces of 
information. The marking officials stated that it was 
extremely important that documents be marked thoroughly 
because of the sensitivity of the final product. 

Some officials inside and outside of the agency feel 
that one directorate uses the special marking "ORCON" 
in its reports too frequently. It is their contention 
that the frequent use of the caveat impedes them from 
producing a final product or report expeditiously 
because they must obtain approval to use the 
information, which in turn, results in undesired 
delays. 

B. Training 

Personnel responsible for the classifying and marking 
of documents continue to receive effective initial and 
refresher training. Immediate corrections are made 
when errors in marking procedures are detected. 

Training in the handling, safeguarding and use of 
classified information is an ongoing program with 
frequent refresher sessions and constant observation. 

C. Safeguarding 

The agency has excellent procedures for the trans- 
mittal, storage and handling of classified information. 
Programs and procedures are constantly reviewed to 
determine if they require upgrading or modification. 
Individual offices have strict programs for the 
checking and control of classified information in their 
possession. No deficiency was detected during the 
course of the inspections. 

III. Conclusion 

The Central Intelligence Agency's information security 
program is in compliance with the Executive Order and the 
ISOO Directive. The only problems detected were instances 
of mis-marked documents at Community Headquarters. 


Sanitized Copy Approved for Release 2010/06/08 : CIA-RDP88G00186R001 001 30001 3-7 



Sanitized Copy Approved for Release 2010/06/08 : CIA-RDP88G00186R001 001 30001 3-7 


3 


IV. Recommendations 

Documents should be periodically checked at Community 
Headquarters to determine if they are in compliance with the 
Order. When deficiencies are detected, the responsible 
official should be notified and errors corrected. 
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